8.5
CVE-2025-2230 - Philips Intellispace Cardiovascular (ISCV) Improper Authentication
A flaw exists in the Windows login flow where an AuthContext token can be exploited for replay attacks and authentication bypass.
3.3
CVE-2025-2157 - foreman: Disclosure of Executed Commands and Outputs in Foreman / Red Hat Satellite
A flaw was found in Foreman/Red Hat Satellite. Improper file permissions allow low-privileged OS users to monitor and access temporary files under /var/tmp, exposing sensitive command outputs, such as /etc/shadow. This issue can lead to information disclosure and privilege escalation if exploited eβ¦
4.3
CVE-2024-30143 - A path traversal vulnerability in HCL AppScan Traffic Recorder
HCL AppScan Traffic Recorder fails to adequately neutralize special characters within the filename, potentially allowing it to resolve to a location beyond the restricted directory. Potential exploits can completely disrupt or takeover the application or the computer where the application is runninβ¦
7.2
CVE-2025-24053 - Microsoft Dataverse Elevation of Privilege Vulnerability
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
5.8
CVE-2025-29773 - Froxlor allows Multiple Accounts to Share the Same Email Address Leading to Potential Privilege Escβ¦
Froxlor is open-source server administration software. A vulnerability in versions prior to 2.2.6 allows users (such as resellers or customers) to create accounts with the same email address as an existing account. This creates potential issues with account identification and security. This vulneraβ¦
4.4
CVE-2025-29768 - Vim vulnerable to potential data loss with zip.vim and special crafted zip files
Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim patcβ¦
8.7
CVE-2025-2081 -
Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 are vulnerable to an attacker impersonating the web application service and mislead victim clients.
9.3
CVE-2025-2080 -
Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain an exposed web management service that could allow an attacker to bypass authentication measures and gain controls over utilities within the products.
8.7
CVE-2025-2079 -
Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain a hard coded secret key. This could allow an attacker to generate valid JWT (JSON Web Token) sessions.
8.6
CVE-2025-27107 - Integrated Scripting vulnerable to arbitrary code execution via Java reflection
Integrated Scripting is a tool for creating scripts for handling complex operations in Integrated Dynamics. Minecraft users who use Integrated Scripting prior to versions 1.21.1-1.0.17, 1.21.4-1.0.9-254, 1.20.1-1.0.13, and 1.19.2-1.0.10 may be vulnerable to arbitrary code execution. By using Java rβ¦